Add an extra layer of security

Protect your account with two-step verification, an optional but highly recommended security feature.

Once two-step verification is enabled, Dropbox will require you to enter a six-digit security code in addition to your password when you sign into the Dropbox website or link a new device.


Enabling two-step verification

Before enabling two-step verification, you’ll receive ten 8-digit backup codes. It’s very important that you write these keys down and store them somewhere safe. If you ever lose your phone, or can’t receive or generate a security code, you’ll need one of these backup codes for emergency access to your Dropbox.

To enable two-step verification:

  1. Sign in to the Dropbox website.
  2. Click on your name in the upper-right of any page to open your account menu.
  3. Click Settings from the account menu and select the Security tab.
  4. Select Enable under Two-step verification.
  5. Click Get started.

Re-enter your password to enable two-step verification, and then choose how you want to receive your security code (see the following section).


Choosing your authentication method

You'll need a mobile phone to access your six-digit security code. You can either have the code texted to you, or you can download an app that automatically generates a code for you.

Use text messages:

If you choose to receive your security codes by text message, you'll need a phone capable of receiving text messages (carrier rates may apply). Whenever you successfully sign in to Dropbox using your password, a text message containing a security code will be sent to your phone. To enable this option:

  1. Select Use text messages during the two-step verification setup.
  2. Enter the phone number where you'd like to receive text messages.
  3. You'll be sent a security code by text message. Verify your phone number and enable two-step verification by entering this code on the website when prompted.

Use a mobile app:

Several mobile apps are available that will generate a unique time-sensitive security code you can use for two-step verification purposes. Any app that supports the Time-based One-Time Password (TOTP) protocol should work, including the following:

  1. Google Authenticator (Android/iPhone/Blackberry)
  2. Duo Mobile (Android/iPhone)
  3. Amazon AWS MFA (Android)
  4. Authenticator (Windows Phone 7)

Most apps will generate security codes even when cellular/data service is not available - useful when traveling or where coverage is unreliable.

To use one of these apps:

  1. Select Use a mobile app during the two-step verification setup.
  2. Choose to either scan the barcode (if your app supports it) or click enter your secret key manually to be given a secret key you can type into the app.
  3. Once your app is configured, enter the security code generated by your authenticator app to verify setup and enable two-step verification.

Note: When setting up two-step verification, consider adding a second phone number that can receive text messages as well. If you ever lose your primary phone, you'll be able to receive a backup security code at your secondary number instead.

Was this article helpful?

Thanks for the feedback.

We're really glad we could help!

Thanks for letting us know.

We'd really appreciate a few pointers on how to improve this article.

Thanks for the feedback.